1 /* crypto/bn/bn_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
63 const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT;
65 /* For a 32 bit machine
74 OPENSSL_GLOBAL int bn_limit_bits=0;
75 OPENSSL_GLOBAL int bn_limit_num=8; /* (1<<bn_limit_bits) */
76 OPENSSL_GLOBAL int bn_limit_bits_low=0;
77 OPENSSL_GLOBAL int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
78 OPENSSL_GLOBAL int bn_limit_bits_high=0;
79 OPENSSL_GLOBAL int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
80 OPENSSL_GLOBAL int bn_limit_bits_mont=0;
81 OPENSSL_GLOBAL int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
83 void BN_set_params(int mult, int high, int low, int mont)
87 if (mult > (sizeof(int)*8)-1)
94 if (high > (sizeof(int)*8)-1)
96 bn_limit_bits_high=high;
97 bn_limit_num_high=1<<high;
101 if (low > (sizeof(int)*8)-1)
103 bn_limit_bits_low=low;
104 bn_limit_num_low=1<<low;
108 if (mont > (sizeof(int)*8)-1)
109 mont=sizeof(int)*8-1;
110 bn_limit_bits_mont=mont;
111 bn_limit_num_mont=1<<mont;
115 int BN_get_params(int which)
117 if (which == 0) return(bn_limit_bits);
118 else if (which == 1) return(bn_limit_bits_high);
119 else if (which == 2) return(bn_limit_bits_low);
120 else if (which == 3) return(bn_limit_bits_mont);
124 BIGNUM *BN_value_one(void)
126 static BN_ULONG data_one=1L;
127 static BIGNUM const_one={&data_one,1,1,0};
132 char *BN_options(void)
135 static char data[16];
141 sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8,
142 (int)sizeof(BN_ULONG)*8);
144 sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8,
145 (int)sizeof(BN_ULONG)*8);
151 int BN_num_bits_word(BN_ULONG l)
153 static const char bits[256]={
154 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
155 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
156 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
157 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
158 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
159 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
160 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
161 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
162 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
163 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
164 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
165 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
166 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
167 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
168 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
169 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
172 #if defined(SIXTY_FOUR_BIT_LONG)
173 if (l & 0xffffffff00000000L)
175 if (l & 0xffff000000000000L)
177 if (l & 0xff00000000000000L)
179 return(bits[(int)(l>>56)]+56);
181 else return(bits[(int)(l>>48)]+48);
185 if (l & 0x0000ff0000000000L)
187 return(bits[(int)(l>>40)]+40);
189 else return(bits[(int)(l>>32)]+32);
194 #ifdef SIXTY_FOUR_BIT
195 if (l & 0xffffffff00000000LL)
197 if (l & 0xffff000000000000LL)
199 if (l & 0xff00000000000000LL)
201 return(bits[(int)(l>>56)]+56);
203 else return(bits[(int)(l>>48)]+48);
207 if (l & 0x0000ff0000000000LL)
209 return(bits[(int)(l>>40)]+40);
211 else return(bits[(int)(l>>32)]+32);
218 #if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
222 return(bits[(int)(l>>24L)]+24);
223 else return(bits[(int)(l>>16L)]+16);
228 #if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
230 return(bits[(int)(l>>8)]+8);
233 return(bits[(int)(l )] );
238 int BN_num_bits(const BIGNUM *a)
245 if (a->top == 0) return(0);
247 i=(a->top-1)*BN_BITS2;
250 #if !defined(NO_STDIO) && !defined(WIN16)
251 fprintf(stderr,"BAD TOP VALUE\n");
255 return(i+BN_num_bits_word(l));
258 void BN_clear_free(BIGNUM *a)
262 if (a == NULL) return;
265 memset(a->d,0,a->max*sizeof(a->d[0]));
266 if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
269 i=BN_get_flags(a,BN_FLG_MALLOCED);
270 memset(a,0,sizeof(BIGNUM));
275 void BN_free(BIGNUM *a)
277 if (a == NULL) return;
278 if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
280 a->flags|=BN_FLG_FREE; /* REMOVE? */
281 if (a->flags & BN_FLG_MALLOCED)
285 void BN_init(BIGNUM *a)
287 memset(a,0,sizeof(BIGNUM));
294 if ((ret=(BIGNUM *)Malloc(sizeof(BIGNUM))) == NULL)
296 BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
299 ret->flags=BN_FLG_MALLOCED;
308 BN_CTX *BN_CTX_new(void)
312 ret=(BN_CTX *)Malloc(sizeof(BN_CTX));
315 BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
320 ret->flags=BN_FLG_MALLOCED;
324 void BN_CTX_init(BN_CTX *ctx)
326 memset(ctx,0,sizeof(BN_CTX));
331 void BN_CTX_free(BN_CTX *c)
338 for (i=0; i<BN_CTX_NUM; i++)
339 BN_clear_free(&(c->bn[i]));
340 if (c->flags & BN_FLG_MALLOCED)
344 /* This is an internal function that should not be used in applications.
345 * It ensures that 'b' has enough room for a 'bits' bit number. It is
346 * mostly used by the various BIGNUM routines. If there is an error,
347 * NULL is returned. if not, 'b' is returned.
349 BIGNUM *bn_expand2(BIGNUM *b, int words)
360 if (BN_get_flags(b,BN_FLG_STATIC_DATA))
362 BNerr(BN_F_BN_EXPAND2,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
365 a=A=(BN_ULONG *)Malloc(sizeof(BN_ULONG)*(words+1));
368 BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE);
373 /* Check if the previous number needs to be copied */
377 /* This lot is an unrolled loop to copy b->top
378 * BN_ULONGs from B to A
381 * I have nothing against unrolling but it's usually done for
382 * several reasons, namely:
383 * - minimize percentage of decision making code, i.e. branches;
384 * - avoid cache trashing;
385 * - make it possible to schedule loads earlier;
386 * Now let's examine the code below. The cornerstone of C is
387 * "programmer is always right" and that's what we love it for:-)
388 * For this very reason C compilers have to be paranoid when it
389 * comes to data aliasing and assume the worst. Yeah, but what
390 * does it mean in real life? This means that loop body below will
391 * be compiled to sequence of loads immediately followed by stores
392 * as compiler assumes the worst, something in A==B+1 style. As a
393 * result CPU pipeline is going to starve for incoming data. Secondly
394 * if A and B happen to share same cache line such code is going to
395 * cause severe cache trashing. Both factors have severe impact on
396 * performance of modern CPUs and this is the reason why this
397 * particular piece of code is #ifdefed away and replaced by more
398 * "friendly" version found in #else section below. This comment
399 * also applies to BN_copy function.
401 * <appro@fy.chalmers.se>
403 for (i=b->top&(~7); i>0; i-=8)
405 A[0]=B[0]; A[1]=B[1]; A[2]=B[2]; A[3]=B[3];
406 A[4]=B[4]; A[5]=B[5]; A[6]=B[6]; A[7]=B[7];
427 /* I need the 'case 0' entry for utrix cc.
428 * If the optimizer is turned on, it does the
429 * switch table by doing
432 * goto jump_table[a];
433 * If top is 0, this makes us jump to 0xffffffc
434 * which is rather bad :-(.
440 for (i=b->top>>2; i>0; i--,A+=4,B+=4)
443 * The fact that the loop is unrolled
444 * 4-wise is a tribute to Intel. It's
445 * the one that doesn't have enough
446 * registers to accomodate more data.
447 * I'd unroll it 8-wise otherwise:-)
449 * <appro@fy.chalmers.se>
451 BN_ULONG a0,a1,a2,a3;
452 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
453 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
460 case 0: ; /* ultrix cc workaround, see above */
469 /* Now need to zero any data between b->top and b->max */
472 for (i=(b->max - b->top)>>3; i>0; i--,A+=8)
474 A[0]=0; A[1]=0; A[2]=0; A[3]=0;
475 A[4]=0; A[5]=0; A[6]=0; A[7]=0;
477 for (i=(b->max - b->top)&7; i>0; i--,A++)
480 memset(A,0,sizeof(BN_ULONG)*(words+1));
481 memcpy(A,b->d,sizeof(b->d[0])*b->top);
486 /* memset(&(p[b->max]),0,((words+1)-b->max)*sizeof(BN_ULONG)); */
487 /* { int i; for (i=b->max; i<words+1; i++) p[i]=i;} */
493 BIGNUM *BN_dup(const BIGNUM *a)
497 if (a == NULL) return NULL;
502 if (r == NULL) return(NULL);
503 return((BIGNUM *)BN_copy(r,a));
506 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
514 if (a == b) return(a);
515 if (bn_wexpand(a,b->top) == NULL) return(NULL);
520 for (i=b->top>>2; i>0; i--,A+=4,B+=4)
522 BN_ULONG a0,a1,a2,a3;
523 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
524 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
531 case 0: ; /* ultrix cc workaround, see comments in bn_expand2 */
534 memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
537 /* memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/
539 if ((a->top == 0) && (a->d != NULL))
545 void BN_clear(BIGNUM *a)
548 memset(a->d,0,a->max*sizeof(a->d[0]));
553 BN_ULONG BN_get_word(BIGNUM *a)
559 if (n > sizeof(BN_ULONG))
561 for (i=a->top-1; i>=0; i--)
563 #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
564 ret<<=BN_BITS4; /* stops the compiler complaining */
574 int BN_set_word(BIGNUM *a, BN_ULONG w)
577 if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0);
579 n=sizeof(BN_ULONG)/BN_BYTES;
582 a->d[0]=(BN_ULONG)w&BN_MASK2;
583 if (a->d[0] != 0) a->top=1;
586 /* the following is done instead of
587 * w>>=BN_BITS2 so compilers don't complain
588 * on builds where sizeof(long) == BN_TYPES */
589 #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
595 a->d[i]=(BN_ULONG)w&BN_MASK2;
596 if (a->d[i] != 0) a->top=i+1;
601 /* ignore negative */
602 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
608 if (ret == NULL) ret=BN_new();
609 if (ret == NULL) return(NULL);
617 if (bn_expand(ret,(int)(n+2)*8) == NULL)
619 i=((n-1)/BN_BYTES)+1;
620 m=((n-1)%(BN_BYTES));
632 /* need to call this due to clear byte at top if avoiding
633 * having the top bit set (-ve number) */
638 /* ignore negative */
639 int BN_bn2bin(const BIGNUM *a, unsigned char *to)
648 *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
653 int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
656 BN_ULONG t1,t2,*ap,*bp;
662 if (i != 0) return(i);
665 for (i=a->top-1; i>=0; i--)
670 return(t1 > t2?1:-1);
675 int BN_cmp(const BIGNUM *a, const BIGNUM *b)
681 if ((a == NULL) || (b == NULL))
694 if (a->neg != b->neg)
702 else { gt= -1; lt=1; }
704 if (a->top > b->top) return(gt);
705 if (a->top < b->top) return(lt);
706 for (i=a->top-1; i>=0; i--)
710 if (t1 > t2) return(gt);
711 if (t1 < t2) return(lt);
716 int BN_set_bit(BIGNUM *a, int n)
724 if (bn_wexpand(a,i+1) == NULL) return(0);
725 for(k=a->top; k<i+1; k++)
730 a->d[i]|=(((BN_ULONG)1)<<j);
734 int BN_clear_bit(BIGNUM *a, int n)
740 if (a->top <= i) return(0);
742 a->d[i]&=(~(((BN_ULONG)1)<<j));
747 int BN_is_bit_set(const BIGNUM *a, int n)
751 if (n < 0) return(0);
754 if (a->top <= i) return(0);
755 return((a->d[i]&(((BN_ULONG)1)<<j))?1:0);
758 int BN_mask_bits(BIGNUM *a, int n)
764 if (w >= a->top) return(0);
770 a->d[w]&= ~(BN_MASK2<<b);
776 int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n)
783 if (aa != bb) return((aa > bb)?1:-1);
784 for (i=n-2; i>=0; i--)
788 if (aa != bb) return((aa > bb)?1:-1);